Sender Best Practices
A key mission of Yahoo is to deliver messages that consumers want to receive and filter out the messages they don't. The best way to ensure your messages are delivered is to send timely and relevant email to an active and engaged audience.
Follow these best practices and tips to help your mailings reach their intended audience.
For more sender best practices, read the Messaging Anti-Abuse Working Group's Senders Best Communications Practices Version 3.0 .
Send Emails customers want
- Verify you're only sending mail to users who specifically requested it.
- Honor the frequency of the list's intent. Don't start sending daily emails to subscribers of your weekly or monthly mailing.
- Don't purchase mailing lists or subscribe users by having an opt-in checkbox automatically checked on your website.
Authenticate using SPF, DKIM, and DMARC
- Yahoo strongly urges senders to publish a DMARC policy for each domain that sends mail.
- A DMARC (Domain-based Message Authentication, Reporting & Conformance) policy allows a sender to indicate that their messages are protected by DKIM and/or SPF, and tells a receiver what to do if neither of those authentication methods passes.
- Authenticate every email with DKIM (Domain Keys Identified Mail), which creates a signature of the content of the message.
- DKIM signatures allow Yahoo to associate email with the sender and verify that the content of the email has not been changed during transmission.
- Publish valid SPF (Sender Policy Framework) records, which allow a sender to specify the list of IPs which are allowed to send mail for that domain.
- SPF records allow Yahoo to reject messages which originate from IPs not listed in the domain's SPF record.
- Following these recommendations should provide senders with a consistent reputation for their domain, regardless of which IP mail is sent from.
- For more information, see our FAQ, M3AAWG, DMARC.org, DKIM.org, and OpenSPF.org.
Segregate Email types by IP or DKIM domain
- Don't send bulk/marketing email from the same IPs you use to send user mail, transactional mail, alerts, etc.
- Each IP and DKIM domain has a reputation, which can impact the delivery of your email.
- Sending unsolicited commercial email can negatively affect your reputation.
- By segregating your email according to function, you help ensure that your mail receives the best delivery possible.
Use OPT-IN method to confirm user subscriptions
- When users subscribe to your mailing list, send them an email asking them to click to confirm their opt-in. This will improve the experience for users (who won't sign up accidentally or get signed up maliciously) and for your list (which won't contain uninterested people, fake email addresses, or most robots).
- Set recipient expectations clearly when users subscribe. Let them know what mail to expect, how often it will be sent, and what it will look like.
Allow users to easily unsubscribe
- Support One Click Unsubscribe, a method for signaling a one-click function for the List-Unsubscribe email header field. Refer to RFC 8058 for details.
- Provide an obvious and visible unsubscribe process that doesn't require users to log in.
- Requests should be processed promptly.
Remove invalid recipients
- Sending email to users who are not reading them, or who report them as spam, will harm your delivery metrics and reputation.
- Monitor hard and soft bounces as well as inactive recipients.
- Reduce the number of invalid recipients by using double/confirm opt-in.
- Remove invalid recipients from your list promptly.
- Consider sending a reconfirmation email to inactive subscribers periodically.
Enroll in complaint feedback loop (CFL)
- Once you sign your emails with DKIM, our CFL program can help you track and manage your spam complaint rates.
- When users click “report spam,” you can get a copy of the spam complaint.
- An active CFL is needed for all DKIM domains to make sure you're processing complaints quickly.
- Use the CFL to maintain a clean mailing list.
- Additional third-party tools are available to help you manage your CFL.
Publish reverse DNS (PTR) records
- Publish valid, meaningful, non-generic reverse DNS (PTR) records for all of your sending IPs.
- Reverse DNS should reflect your domain name in some way.
- Do not use a reverse DNS that looks like a dynamically-assigned IP instead of a static mail server.
Ensure mail servers are secure
- Maintain mail server security with the latest security patches to prevent unauthorized or anonymous use.
- Filter user-generated content before sending it, to prevent spammers from using your resources.
- Be aware that if your servers act as “open proxies” or “open relays,” spammers may attempt to send their own mail from your systems.
- Add routes for all the IP space that you own to reduce vulnerability to BGP hijacking, which allows hackers to send mail that pretends to come from your IP space.
Control the flow of your outbound emails
- Limit the messages sent per connection - Yahoo accepts a limited number of messages per SMTP connection. If this per-connection limit is reached, no further messages will be accepted for delivery as our server automatically terminates the connection, without giving an error message.
- Reestablish connections if you do not get an error code - When our server terminates your connection, you may try to reconnect to our MX servers immediately thereafter.
- Open concurrent connections - You may open concurrent connections from the same server to facilitate efficient transmission of your messages. However, while we do not publish specific guidelines for the numbers of connections you can concurrently use, we ask that you treat our resources with respect. The more you take, the fewer there are for others, which may force us to de-prioritize connections from your server(s).
Be compliant with RFCs and CAN-SPAM
- Regardless of where in the world you're sending your mail, make sure you adhere to the requirements stipulated by the CAN-SPAM Act.
- The CAN-SPAM Act establishes requirements for commercial messages, gives recipients the right to have you stop emailing them, and spells out tough penalties for violations.
- Don't use false or misleading header information or deceptive subject lines to hide, forge or misrepresent the sender or origin of the email.
- All email must be compliant with RFC 5321 and RFC 5322.